package com.xuzimian.global.demo.spring.security.oauth2.client.config.oauth;

import com.xuzimian.global.demo.spring.security.oauth2.client.bootutils.UserInfoTokenServices;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

import javax.annotation.Resource;

/**
 * 该类配置oauth2 client客户端，用于自己的githug 的 oauth2 server登录授权。
 */
@Configuration
@Order(Integer.MIN_VALUE)
public class OAuth2ClientForGithubOauthServerConfigurer {
    @Resource
    OAuth2ClientContext oauth2ClientContext;

    @Bean(name = "githubFilter")
    public OAuth2ClientAuthenticationProcessingFilter sso() {
        OAuth2ClientAuthenticationProcessingFilter githubFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/github");
        OAuth2RestTemplate githubTemplate = new OAuth2RestTemplate(github(), oauth2ClientContext);
        githubFilter.setRestTemplate(githubTemplate);
        githubFilter.setTokenServices(new UserInfoTokenServices("https://api.github.com/user", github().getClientId()));
        return githubFilter;
    }

    @Bean(name = "github")
    public AuthorizationCodeResourceDetails github() {
        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setClientId("e965acf7ea9bf6b40b2e");
        details.setClientSecret("a5db218f69f947a27ba1582bcbdd04d379fe0bfe");
        details.setUserAuthorizationUri("https://github.com/login/oauth/authorize");
        details.setAccessTokenUri("https://github.com/login/oauth/access_token");
        details.setAuthenticationScheme(AuthenticationScheme.query);
        details.setClientAuthenticationScheme(AuthenticationScheme.form);
        return details;
    }


    //    @Bean
//    public ClientRegistrationRepository getClientRegistrationRepository() {
//        return new InMemoryClientRegistrationRepository(getMyClientRegistration(),getGithubClientRegistration());
//    }
//
//    @Autowired
//    private ClientRegistrationRepository clientRegistrationRepository;
//
//    private OAuth2AuthorizationRequestResolver getOAuth2AuthorizationRequestResolver() {
//        return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, "/oauth2/authorization");
//    }


    private ClientRegistration getMyClientRegistration() {

        return ClientRegistration.withRegistrationId("login")
                .clientId("ssoclient")
                .clientSecret("ssosecret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .scope("all")
                .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
                .authorizationUri("{baseUrl}/oauth/authorize")
                .tokenUri("{baseUrl}/oauth/token")
                // .jwkSetUri("http://localhost/oauth/token_key")
                .clientName("xzm")
                .build();
    }


    private ClientRegistration getGithubClientRegistration() {
        return ClientRegistration.withRegistrationId("github")
                .clientId("e965acf7ea9bf6b40b2e")
                .clientSecret("a5db218f69f947a27ba1582bcbdd04d379fe0bfe")
                .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .scope("all")
                .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
                .authorizationUri("https://github.com/login/oauth/authorize")
                .tokenUri("https://github.com/login/oauth/access_token")
                // .jwkSetUri("http://localhost/oauth/token_key")
                .clientName("demo")
                .build();
    }
}
